13 May 2016

Petya ransomware is back with a friend named Misha

Petya ransomware is back with a friend named Misha

Petya ransomware became very popular because of its name. However, the code was not efficient enough to make money for malware writers. Petya needed administrative privileges on the system to modify master boot record. If it could not get administrative privileges, it did nothing with the infected computer.

Ransomware writers had to do something about it, and they did: a very clever and scary move from. They released new malware named Misha. It is downloaded by Petya in case Petya’s installation has failed. Misha does not require administrative privileges, according to Bleepingcomputer.

After installation Misha ransomware encrypts files with AES encryption algorithm and demands ransom of 1.93 bitcoins (approximately $875). Encrypted files are renamed and 4-character extension is added to the filename, for example: test.jpg will renamed into test.jpg.7GP3.

Ransomware is distributed via emails with link to malicious executables, disguised as job applications.

Unfortunately, there is no know way to restore encrypted files for free.

Back to the list

Latest Posts

North Korean hackers adopt a new technique to infect macOS machines

North Korean hackers adopt a new technique to infect macOS machines

The found sample appears to be the Lazarus group's first in-memory malware targeting the Apple operating system.
6 December 2019
New destructive wiper ZeroCleare targets industrial and energy organizations in the Middle East

New destructive wiper ZeroCleare targets industrial and energy organizations in the Middle East

The ZeroCleare malware bears some similarity with the infamous Shamoon wiper.
5 December 2019
TrickBot operators set their sights on Japanese banks ahead of holiday season

TrickBot operators set their sights on Japanese banks ahead of holiday season

While the TrickBot malware has been spotted in other regions, this marks the first time TrickBot has been seen at Japanese banks.
4 December 2019